Cryptocurrency giveaway scams – including those impersonating Tesla and SpaceX boss Elon Musk – have been making the rounds for quite a few years now. The newest trick up the fraudsters’ sleeves involves name-dropping Musk into the Bitcoin address itself, which has helped them fleece victims out of more than US$2 million worth of bitcoin over the past two months.
In order to make their ruse seem more trustworthy, con artists use Bitcoin vanity addresses that incorporate a custom element or word into the address itself. In this case, it’s the name of the South African-born tech titan: “1MuskSEYstWetqTFn5Au4m4GFg7xJaNVN2” or “1ELonMUskSEYstWetqTFn5Au4m4GFg7xJaNVN2”
The crooks then ask people to send digital cash to a bitcoin address under the promise of doubling the sum as part of a giveaway. However, as you might’ve guessed, the victim won’t see any of their cryptocurrency ever again.
Justin Lister, CEO of cybersecurity firm Adaptiv, who has been tracking the bitcoin addresses misusing Musk’s name over the past month, said he was able to track down 66 such addresses. Speaking to ZDNet, he said he was able to identify the addresses with the aid of BitcoinAbuse, a public database of bitcoin addresses used by scammers, hackers, and various other cybercriminals. According to Lister, the 66 addresses have received over 201 Bitcoin since their creation in April 2020.
RELATED READING: High‑profile Twitter accounts hacked to promote Bitcoin scam
ZDNet was able to identify an additional 67th address, which has received another 13.9 Bitcoin, bringing the total to some 215 Bitcoin. Based on today’s exchange rate, this is equivalent to US$2.03 million.
One of the ways these giveaway scams are organized is through hijacked YouTube accounts with a large number of followers. These accounts are then rebranded to take the guise of a celebrity or brand to bolster their credibility and a giveaway live stream is launched citing an important milestone as a reason for the event. One such event occurred recently, when SpaceX became the first private company to launch astronauts into orbit.
Although YouTube is one of the more popular channels through which these scams are organized, it is by far not the only one. Cybercriminals have been known to utilize other social media to spread their scams, including Twitter, which they use to amplify the reach of their scams using bot networks.
Giveaway scams abusing Elon Musk’s name or companies, as well as other well-known figures such as Bill Gates, are nothing new. They have even provoked the ire of Musk himself, who took to Twitter to share his feelings about the issue earlier this year.
ESET cybersecurity specialist Jake Moore recommends doing your due diligence if you are considering in participating: “I suggest all users do background checks as far as they can including reviews and then further research into the account itself before parting with any money. This isn’t a case of ‘if it’s too good to be true, it probably is’, it’s a case of merely don’t be too quick to click.”